Tag Archives | Microsoft

Microsoft Patches 3 vulnerabilities: Flash (!), Exchange, DTS

InfoWorld reports “Microsoft released one critical security update for its Exchange messaging server and two security updates for Windows on Tuesday, one of which was critical… In Microsoft’s rating system, a critical vulnerability means it could allow unauthorized software to be installed without user action… The third patch released Tuesday fixes two vulnerabilities in Windows rated as “moderate,” Microsoft said… More information and Microsoft’s monthly security bulletin can be found at its Web site”.

Funny, I would not have thought that Adobe Flash was a product MSFT would be responsible for patching, but it appears they shipped it in some of their components. Watch out for the Exchange patch – SANS Internet Storm Center is reporting it cripples Blackberries using the Blackberry Enterprise Server.

MS06-018, 019 and 020 ship this week. It’s the 19th week of the year.

Vista loses another feature

OSNews reports RSA: Microsoft To Shelve Token Support in Vista. “Microsoft has shelved plans to include built-in support for RSA Security’s tokens in Windows Vista, even though the company has been testing out the authentication technology for almost two years. In February 2004, Microsoft Chairman Bill Gates said that Windows would be able to support easy integration with RSA’s popular SecurID tokens. That meant businesses would find it far easier to deploy a two-factor authentication system for logging on to networks and applications. However, almost two years after the SecurID beta-testing program kicked off, RSA’s chief executive, Art Coviello, disclosed that Windows Vista will not natively support the technology.”

So, there were features left in Vista! Good thing Microsoft found them and removed them before shipping!

Microsoft encourages Office alternatives

Microsoft Watch from Mary Jo Foley reports It Didn’t Take Long: Office Validation Program Goes Live. “Just days after announcing its plans to attempt to thwart Office piracy by using the same kind of validation mechanism it has instituted for Windows, Microsoft posted for download the first Office Genuine Advantage (OGA)-validated component.”

I can’t think of a better way to get folks to look at the alternatives to Microsoft Office – Corel WordPerfect Office, IBM/Lotus SmartSuite, Sun StarOffice, OpenOffice.org, Apple’s iWork and AppleWorks, and other tools – than to treat them as criminal suspects and to prevent the “extended try-ware” rationalization we’ve all heard once or twice. People need to recognize that MS Office is no big deal and that there are a lot of other packages that can meet their needs with less hassle, less cost, less malware and perhaps even an open and standardized office data interchange format. There’s nothing to lose but the shackles!

A sign of changing times

Netcraft notes that “Apache has overtaken Microsoft as the leading developer of secure web servers. Apache now runs on 44.0% of secure web sites, compared to 43.8% for Microsoft.” Yet another sign of the tide turning. It is an interesting article, with several trends explaining the shift and a great graph. Read the entire article here.

SMTP Good; MAPI Bad

Microsoft Watch from Mary Jo Foley asks “Is Microsoft Engaging in ‘Borderline Extortion’ with Security Disclosures?” “We have to admit, zero-day Internet Explorer vulnerabilities just don’t shock us any more. But the harsh words of security researcher Michal Zalewski, regarding Microsoft’s policies for dealing with vulnerabilities, did make us stand up and take notice.”

In very related news, eWEEK.com is reporting Microsoft Rocked by New IE Zero-Day Flaw Warning. “Microsoft is scrambling to address the public disclosure of a new zero-day vulnerability that could put Web surfers at risk of code execution attacks.”

Microsoft ships v. 2.0 of MS06-015 patch

In a fairly unusual move, Microsoft has re-released MS06-015, Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531). Microsoft sent out an email to let folks know about that. Amazingly, while explaining why they were re-issuing the patch, they never mention what the patch is, nor specifically what went wrong, nor who should apply the new patch:

This bulletin has been re-released to advise customers that revised versions of the security update are available for all products listed in the “Affected Software” section. Customers who have already applied the MS06-015 update who are not experiencing the problem need take no action.

Here’s the quick scoop: Windows Explorer (the desktop, not the browser) has fundamentally changed the way it launches programs, and some programs that hooked into that behavior, including Hewlett-Packard’s “Share-to-Web”, older NVIDIA graphics drivers, Kerio firewall, and others, would fail to operate properly, lock up, or freeze after files are saved, especially to “My Documents” or other special folders. This patch allegedly fixes the problem.

Get Patching! Good Luck!

Microsoft keeping secrets from the good guys

From Microsoft Watch from Mary Jo Foley: Is Microsoft’s Silent Treatment Appropriate for Patches? “Microsoft says it is withholding certain details on security vulnerabilities to protect customers from bad guys. But critics say Microsoft’s cone of security silence only increases the risk for everyone.”

An interesting article. It claims that Microsoft is keeping its bug count artificially low by silently slipstreaming multiple bug fixes into the patches and, worse, not disclosing the details even to their “trusted partners.” The bad guys know what’s patched. Why shouldn’t we? Shouldn’t “Trustworthy Computing” require more transparency than this?

Definitely not OK

Joho the Blog writes “Microsoft writes bill for Oklahoma authorizing wholesale spying. According to the Oklahoma Gazette, the state legislature has passed a bill that Microsoft helped write that gives vendors of software the right to check around your computer, delete files they consider unauthorized, and turn you into the local authorities if they don’t like the way your computer smells. This is all being done to keep you secure. Yes, you can refuse to agree to the end user license agreement, but more likely you’ll just click on it without reading the fine print. And if you refuse to sign the EULA, you don’t get to use the software. OK not OK…”

Parallels Virtual Machine for Mac OS X Intel

The surprise earlier this week was the Boot Camp software to dual boot Intel Mac machines into Windows XP. I knew there were already hacks out there to do it, but didn’t expect official support. But Apple and Microsoft seem to be behind it. The problem with dual-boot (or treble-boot: my ThinkPad offers WinXP, Kubuntu {dapper drake rocks!} and CentOS) is that it seems you’re never in the OS you want to be. Need to switch to Kubuntu to print some labels in gLabels? Shut down Windows (3 minutes), boot Kubuntu (2 minutes), load the labels and print. The next thing you need to do? Probably in one of the other OSes. The right answer is to run all of the OSes as Virtual Machines – all running and idling, or able to start and stop as needed without losing the already booted OS. VMware is one of several companies doing this.

Linux also has a real contender in Xen, a native virtualization engine.

At LinuxWorld Boston this week, I visited the very low-key Apple booth and heard that something similar is on its way for the Mac: Parallels for Mac OS X is in beta and will allow simultaneous VMs running Windows, Linux, BSD, Solaris or other OSes to run on top of the host OS on the Intel Macs. That’s the ticket! Toggling between the OSes sounds like the right solution. Looking forward to seeing these products mature.

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.